Amendments to the claims, 

Listing of all claims pursuant to 37 CFR 1.121(c) 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

What is claimed is: 

1 . (Currently amended) A method for controlling connections to a computer upon 
its initial deployment, the method comprising: 

upon tiie initial deployment of the computer, applying a preconfigured security 
update policy that establishes a restricted zone of at least one preapproved hosts host that 
the computer may connect to upon its initial deployment , so that the computer is not 
allowed to participate with general connectivity to the Internet until security-relevant 
updates have been completed : 

receiving a request for a connection from the computer to a particular host; 

based on said preconfigured security update pohcy, determining whether the 
particular host is within the restricted zone of at least one preapproved hosts host; aad 

blocking said connection if said particular host is not within the restricted zone of 
at least one preapproved hosts host; and 

once the computer has complied with the security update policy, lifting the 
restricted zone so that the computer is allowed to participate with general connectivity to 
the Internet. 

2. (Currently amended) The method of claim I. further comprising: 
prior to the initial deployment of the computer, imaging a hard disk of the 

computer with said preconfigured security update policy. 

3. (Currently amended) The method of claim I, wherein the computer comprises 
a portable computer and tiie initial deployment includes establishing Internet 
connectivity. 

4. (Original) The method of claim 1 , wherein the restricted zone comprises a pre- 
access restricted zone specifically for a new machine. 
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5. (Currently amended) The method of claim 1, wherein said preconfigured 
security update policy operates to prevent the computer from being remotely accessed by 
another computer upon tiie initial deployment. 

6. (Currently amended) The method of claim 1, wherein said preconfigured 
security update policy operates to prevent the computer from being remotely probed for 
vulnerabilities by other computers. 

7. (Currently amended) The method of claim 1, wherein said preconfigured 
security update policy operates to prevent the computer from being infected by a 
malicious program delivered through an open port. 

8. (Currently amended) The method of claim 1, wherein said blocking step 
includes: 

instructing a firewall, which is responsive to said preconfigured security update 
policy, to block connections to any host that is not within the restricted zone of at least 
one preapproved hosts host. 

9. (Currently amended) The method of claim 1, wherein the at least one 
preapproved hosts compris e host comprises specific security-relevant sites. 

10. (Original) The method of claim 9, wherein specific security-relevant sites 
include antivirus Web sites. 

1 1 . (Original) The method of claim 9, wherein specific security-relevant sites 
include firewall Web sites. 

12. (Original) The method of claim 9, wherein specific security-relevant sites 
include end point security Web sites. 
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13. (Original) The method of claim 1, wherein other attempted connections to the 
computer are refused. 

14. (Original) The method of claim 1, further comprising: 

upon the computer completing updating of security subsystems, removing the 
restricted zone so that the computer may connect to other machines. 

15. (Currently amended) The method of claim 14, wherein the restricted zone is 
removed by replacing the preconfigured security update policy with an updated security 
update policy. 

16. (Currently amended) The method of claim 1, wherein the preconfigured 
security update policy is preinstalled on the computer prior to user purchase. 

17. (Currently amended) The method of claim 1, wherein the computer includes a 
hard disk having a manufacturer-provided disk image, and wherein the manufacturer- 
provided disk image includes the preconfigured security update policy. 

18. (Original) The method of claim 1, wherein the computer is not allowed to 
participate with general connectivity to the Internet until security-relevant updates have 
been performed. 

19. (Currently amended) The method of claim 18, fiirther comprising: 
providing an option that allows a user to override the preconfigured security 

update policy. 

20. (Ciirrently amended) The method of claim 19, further comprising: 
providing a warning to any user that overrides the preconfigured security update 

policy. 

21. (Currently amended) The method of claim 19, further comprising: 
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displaying a disclaimer to any user that overrides the preconfigured security 
update policy that indicates that the user assumes responsibility. 

22. (Original) The method of claim 9, wherein specific security-relevant sites 
include operating system-related Web sites. 

23. (Original) The method of claim 1, further comprising: 

upon a first attempted connection of the computer, downloading an updated list of 
hosts that the computer may initially connect to. 

24. (Original) A computer-readable medium having processor-executable 
instructions for performing the method of claim 1 . 

25. (Original) A downloadable set of processor-executable instructions for 
performing the method of claim 1 . 

26. (Currently amended) A computer system that is preconfigured to control 
connections upon tiie initial deployment, the system comprising: 

a computer having a preconfigured security update policy that establishes a 
restricted zone of at least one preapproved hosts host that the computer may connect to 
upon tiie initial deployment of the compute r, so that the computer is not allowed to 
participate with general connectivity to the Internet until security-relevant updates have 
been completed : 

a connectivity module for processing user requests for the computer to connect to 
a particular host; and 

a security module for determining whether the particular host is within the 
restricted zone of at least one preapproved hosts host based on said preconfigured 
security update policy, and for blocking any attempt to connect to a host that is not within 
the restricted zone of at least one preapproved hosts host, until the computer is brought 
into compliance with the security update policy . 
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27. (Currently amended) The system of claim 26, further comprising: 

a hard disk that receives a hard disk image having said preconfigured security 
update policy. 

28. (Currently amended) The system of claim 26, wherein the computer 
comprises a portable computer and the initial deployment includes establishing Internet 
connectivity. 

29. (Original) The system of claim 26, wherein the restricted zone comprises a 
pre-access restricted zone specifically for a new machine. 

30. (Currently amended) The system of claim 26, wherein said preconfigured 
security update policy operates to prevent the computer from being remotely accessed by 
another computer upon tiie initial deployment. 

3 1 . (Currently amended) The system of claim 26, wherein said preconfigured 
security update policy operates to prevent the computer from being remotely probed for 
vulnerabilities by other computers. 

32. (Currently amended) The system of claim 26, wherein said preconfigured 
security update policy operates to prevent the computer from being infected by a 
malicious program delivered through an open port. 

33. (Currently amended) The system of claim 26, wherein the security module 
blocks attempts by instructing a firewall, which is responsive to said preconfigured 
security update policy, to block connections to any host that is not within the restricted 
zone of at least one preapproved hosts host . 

34. (Currently amended) The system of claim 26, wherein the at least one 
preapproved hosts comprise host comprises specific security-relevant sites. 
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35. (Original) The system of claim 34, wherein specific security-relevant sites 
include antivirus Web sites. 

36. (Original) The system of claim 34, wherein specific security-relevant sites 

include firewall Web sites. 

37. (Original) The system of claim 34, wherein specific security-relevant sites 
include end point security Web sites. 

38. (Original) The system of claim 26, wherein other attempted connections to 
the computer are refiised. 

39. (Original) The system of claim 26, further comprising: 

a module for removing the restricted zone so that the computer may connect to 
other machines. 

40. (Currently amended) The system of claim 39, wherein the restricted zone is 
removed by replacing the preconfigured security update policy with an updated security 
update policy. 

41 . (Currently amended) The system of claim 26, wherein the preconfigured 
security update policy is preinstalled on the computer prior to user purchase. 

42. (Currently amended) The system of claim 26, wherein the computer includes 
a hard disk having a manufacturer-provided disk image, and wherein the manufacturer- 
provided disk image includes said preconfigured security update policy. 

43. (Original) The system of claim 26, wherein the computer is not allowed to 
participate with general connectivity to the Internet until security-relevant updates have 
been performed. 
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44. (Currently amended) The system of claim 43, wherein the security module 
includes an option that allows a user to override the preconfigured security update pohcy. 

45. (Currently amended) The system of claim 44, wherein the security module 
displays a warning to any user that overrides the preconfigured security update policy. 

46. (Currently amended) The system of claim 44, wherein the security module 
displays a disclaimer to any user that overrides the preconfigured security update policy 
that indicates that the user assumes responsibility. 

47. (Original) The system of claim 34, wherein specific security-relevant sites 
include operating system-related Web sites. 

48. (Original) The system of claim 26, wherein the security module downloads 
an updated list of hosts that the computer may initially connect to. 

49. (Currently amended) A method for enforcing pre-access connectivity 
restrictions on a new machine so as to enforce security updates , the method comprising: 

detecting attempts to connect the new machine to other devices; 

determining, based on an initial security update policy that establishes a restricted 
zone of acceptable connections, which devices the new machine is permitted to connect 
to . so that the machine is not allowed to participate with general connectivity to the 
Internet until security-relevant updates have been applied to the machine : and 

blocking any connection that attempts to connect the new machine to a device 
outside the restricted zone of acceptable connections , so that the machine cannot 
participate with general connectivity to the Internet until the machine is brought into 
compliance with the security update policy . 

50. (Currently amended) The method of claim 49, fiirther comprising: 

prior to tiie initial deployment of the new machine, imaging a hard disk of the new 
machine with said initial security update policy. 
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5 1 . (Currently amended) The method of claim 49, wherein the new machine 
comprises a portable computer and tiie initial deployment includes establishing Internet 
connectivity. 

52. (Original) The method of claim 49, wherein said restricted zone comprises a 
pre-access restricted zone specifically for a new machine. 

53. (Currently amended) The method of claim 49, wherein said initial security 
update policy operates to prevent the new machine from being remotely accessed by 
another computer upon tiie initial deployment. 

54. (Currently amended) The method of claim 49, wherein said initial security 
update policy operates to prevent the new machine from being remotely probed for 
vulnerabilities by other computers. 

55. (Currently amended) The method of claim 49, wherein said initial security 
update policy operates to prevent the new machine from being infected by a malicious 
program delivered through an open port. 

56. (Currently amended) The method of claim 49, wherein said blocking step 
includes: 

instructing a firewall, which is responsive to said initial security update policy, to 
block connections to any host that is not within the restricted zone of at least one 
preapproved hosts host . 

57. (Ciirrently amended) The method of claim 56, wherein the at least one 
preapproved hosts comprise host comprises specific security-relevant sites. 

58. (Original) The method of claim 57, wherein specific security-relevant sites 
include antivirus Web sites. 
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59. (Original) The method of claim 57, wherein specific security-relevant sites 
include firewall Web sites. 

60. (Original) The method of claim 57, wherein specific security-relevant sites 
include end point security Web sites. 

61 . (Original) The method of claim 49, wherein other attempted connections to 
the new machine are refiised. 

62. (Original) The method of claim 49, fiirther comprising: 

upon the new machine completing updating of security subsystems, removing the 
restricted zone so that the new machine may connect to other machines. 

63. (Currently amended) The method of claim 62, wherein the restricted zone is 
removed by replacing the initial security update policy with an updated security update 
policy. 

64. (Currently amended) The method of claim 49, wherein the initial security 
update policy is preinstalled on the new machine prior to user purchase. 

65. (Currently amended) The method of claim 49, wherein the new machine 
includes a hard disk having a manufacturer-provided disk image, and wherein the 
manufacturer-provided disk image includes said initial security update policy. 

66. (Original) The method of claim 49, wherein the new machine is not allowed 
to participate with general connectivity to the Internet until security-relevant updates 
have been completed. 

67. (Currently amended) The method of claim 66, fiirther comprising: 
providing an option that allows a user to override the initial security update 
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policy. 

68. (Currently amended) The method of claim 67, further comprising: 
providing a warning to any user that overrides the initial security update policy. 

69. (Currently amended) The method of claim 67, further comprising: 
displaying a disclaimer to any user that overrides the initial security update policy 

that indicates that the user assumes responsibility. 

70. (Original) The method of claim 57, wherein specific security-relevant sites 
include operating system-related Web sites. 
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